I need to encrypt / decrypt passwords for a new application. The spec requires me to use AES; can anyone suggest a good reason to either

1. Do all my encryption in the database layer using CLR functions or
2. Doing it at the .Net app layer ?
3. a mixture of db and server

Am going to be validation passwords; the app is n-tiered using Telerik ORM. The only real functions are going to be create/ update password and check the entered value.

In my gut i think

1. database is better for validating the users entered password against an existing record; and
2. the front end for creating/ updating passwords (so the plain text password is never transmitted)

I am interested in other thoughts and suggestions as to why i might do an alternative. If you are suggesting i do it in the front end what are your thoughts around encryption keys ? One per user in XML or one per app in a config file ?

Thanks for any suggestions :)

Do not store the passwords at all - just salted hashes of them.

The problem with just encrypting a password is quite obviouse - you have to store the key somewhere. If you perform client-side encryption, I will just use Reflector to find the key in the code or attach a debugger and wait until the client obtains the key from the server.

If you perform the encryption at the server, it will become harder to get the key - but everyone with access to the server may use the same techniques as mentiond before because you still have to store the key somewhere. You must encrypt the connection between client and server, of course, else a attack becomes trivial.

And moving the encryption to the database server will not change much and you will have to encrypt both connections - between client and server and between server and database server.

I suggest performing the encryption in the server because else you have to trust the client. This of course requires a secure connection between client and server. The connection between server and database server may be unencrypted.

I you only need to validate the password it would perhaps be better to use a one-way encryption.

There is some discussion on the topic here: Encrypting/Hashing plain text passwords in database